hmmmm something called "Elite" running on port 31337? "Trinoo_Master"? bingo. you've been haxored. marc, do you administer your own machine? if so, i would back up your email and web files, then unplug it from the network and do a fresh install following strict security rules for locking down your box. you really should only have ports open for http and ssh (and pop3/imap/smtp if you really need this machine for email). do you really need three apaches running? also, ftp and telnet are not secure, don't use them (sftp and ssh have replaced them).

remember, hackers are rarely "deliberate"... only opportunistic. don't take it personally. if you compromise yourself, they will come.

hope that helps.

-ag

On Nov 30, 2004, at 6:45 PM, marc garrett wrote:

> hacked again...>> hi everyone,>> This is marc garrett from furtherfield.org - well it looks like after > all the hard work that he have spent getting the server back into > action again, updating it making it (supposedly) vulnerable was a > waste of time...>> Once again, the server has been hacked. This time we feel that it is a > deliberate action to attack us or someone else on the server.>> If anyone wishes to contact me regarding furtherfield things...>> or with related information regarding other servers that have been > hacked as well, like irational.org & southspace.org (who are now back > online again), or who might have some idea of who it is, actively > trying stop all of us, on the server from continuing our creative and > progressive net art functions. We would be most grateful.>> wishing you all the best...>> marc garrett>> my temporary email is:> a8theist@yahoo.co.uk> +> -> post: list@rhizome.org> -> questions: info@rhizome.org> -> subscribe/unsubscribe: http://rhizome.org/preferences/subscribe.rhiz> -> give: http://rhizome.org/support> -> visit: on Fridays the Rhizome.org web site is open to non-members> +> Subscribers to Rhizome are subject to the terms set out in the> Membership Agreement available online at http://rhizome.org/info/29.php>